Security daily (10-07-2020)

Identify, arrange, and manage secrets easily using enhanced search in AWS Secrets Manager

AWS Secrets Manager now enables you to search secrets based on attributes such as secret name, description, tag keys, and tag values. With this launch, you can easily identify, arrange, and manage your secrets into logical groups that can then be used by specific applications, departments, or employees. For example, you can use the Secrets […] (AWS Security Blog)

How to use resource-based policies in the AWS Secrets Manager console to securely access secrets across AWS accounts

AWS Secrets Manager now enables you to create and manage your resource-based policies using the Secrets Manager console. With this launch, we are also improving your security posture by both identifying and preventing creation of resource policies that grant overly broad access to your secrets across your Amazon Web Services (AWS) accounts. To achieve this, […] (AWS Security Blog)

Google bans stalkerware marketing in ad policy adjustment, but leaves big loophole

Starting next month, Google says it will no longer allow advertisements or marketing in its network that promotes spyware and surveillance technology used for intimate partner surveillance. More commonly known as stalkerware, these applications can facilitate and exacerbate domestic violence by monitoring a target’s texts, phone calls, browsing history, geolocation, social media history, and more without alerting targets they are being tracked. The policy update intends to bar advertisements or marketing in Google’s ad network that perpetuates this kind of surveillance without targets’ consent. The change, announced this month, could be an important move for stalkerware victims because while Google has taken steps to ban stalkerware applications in the Google Play Store, developers can always place advertisements that direct users to third-party sources where the applications can be acquired. Despite the changes, there are still several gaps that could allow stalkerware advertising in Google’s network. Although Google says its new […] (CyberScoop)

Biden campaign hires ex-White House official Chris DeRusha as CISO

Joe Biden, the presumptive Democratic nominee for president, has turned to a former White House cybersecurity official to protect the campaign’s networks from hackers. Biden’s campaign said Friday it had hired Chris DeRusha, who served as a White House cybersecurity adviser when Biden was vice president, as the campaign’s chief information security officer. DeRusha, who has also held cybersecurity positions with the State of Michigan, the Department of Homeland Security and Ford Motor Co., will be charged with safeguarding the campaign’s digital assets in an election that U.S. officials expect to draw continued foreign interference. The Biden campaign has also hired software engineer Jacky Chang as its chief technology officer. Chang worked as a technologist for the Democratic National Committee and for Hillary Clinton’s 2016 presidential campaign. “Biden for President takes cybersecurity seriously and is proud to have hired high quality personnel with a diverse breadth of experience, knowledge and […] (CyberScoop)

Google’s ad ban won’t stop stalkerware apps from promoting themselves

Google has announced that from August 2020 it will be prohibiting ads for stalkerware products and services. But a loophole means that the companies behind creepy stalkerware apps will still be able to advertise themselves. (Graham Cluley)

Learn About Data Analysis with Excel & Power BI for Only $25

You don't need to work in the accounting department of a Fortune 500 company to use and appreciate Microsoft Excel. Although primarily associated with a wide variety of functions pertaining to accounting and finance, Excel is actually an incredibly powerful and multifaceted platform that can be found at the heart of many large-scale analytics environments.

If you're interested in working in an industry that relies on increasingly complex data analysis — including programming, web development, marketing, and AI — you'll want to have a thorough understanding of how Excel can be used for more... (Null Byte « WonderHowTo)

Zoom Zero-Day Allows RCE, Patch On The Way

(News ≈ Packet Storm)

TikTok Halts Hong Kong Access After Security Law

(News ≈ Packet Storm)

KingComposer Patches XSS Flaw Impacting 100,000 WordPress Sites

(News ≈ Packet Storm)

Backdoor Accounts Discovered In 29 C-Data FTTH Devices

(News ≈ Packet Storm)

Unpatched Critical Flaw Disclosed in Zoom Software for Windows 7 or Earlier

A zero-day vulnerability has been discovered in Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim's computer running Microsoft Windows 7 or older.

To successfully exploit the Zoom vulnerability, all an attacker needs to do is trick a Zoom user into performing some typical action like opening a received document file. No security (The Hacker News)

Popular TP-Link Family of Kasa Security Cams Vulnerable to Attack

Researcher warns the highly-rated Kasa family of security cameras have bugs that give hackers access to private video feeds and settings. (Threatpost)

Google Bans Stalkerware Ads – With a Loophole

Starting in August, Google is banning ads of products or services promoting stalkerware. (Threatpost)

Smartwatch Hack Could Trick Dementia Patients into Overdosing

Attackers could hack the smartwatch and send dementia patients alerts for taking their medication. (Threatpost)

Report: Most Popular Home Routers Have ‘Critical’ Flaws

Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don’t fix. (Threatpost)


/security-daily/ 11-07-2020 23:44:23